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REMARKS 



The Applicant has received and reviewed the Official Action mailed by the 
Office on 27 May 2005 (hereinafter, the "Action"), and submits this paper as a 
fully-responsive reply thereto. The Applicant respectfully requests 
reconsideration and favorable action on the subject application at the earliest 
convenience of the Office. 

As a preliminary matter, the Applicant expresses appreciation for the 
Office's consideration of the Applicant's comments regarding the eligibility of 
Brothers as a § 102(e) reference, as indicated in the Advisory Action mailed on 18 
March 2005 and in the Action. However, the Applicant has reviewed the papers 
received in connection with both the Advisory Action and the Action, and is 
unable to locate the copy of the Brothers provisional filing mentioned in the 
Advisory Action and the Action. The Applicant's comments below do not focus 
particularly on Brothers. Therefore, the Applicant proceeds with this response 
assuming that the Brothers provisional filing includes the subject matter relied 
upon to support the rejections of the Applicant's claims as stated in the Action. 
However, the Applicant requests a copy of the Brothers provisional filing with the 
Office's next communication to the Applicant 

The Applicant also notes that claims 33-36 and 71-75 have been previously 
cancelled. However, the Action stated rejections of claims 33-36. 
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Claims 1-7, 10-32, and 37-70 are pending, of which claims 14 and 20 have 
been amended as indicated in the claim listing above. 

35 VS.C. § 103 Claim Rejections 

As stated in Paragraph 7 of the Action, Claims 1-7, 12, 14-15, 18, 20-25, 
28, 30-37, 40, 42-54, 57, 59-62, and 65-70 stand rejected under 35 U.S.C. § 103(a) 
as being unpatentable over U.S. Patent No. 6,415,280 to Farber et al. (hereinafter, 
"Farber"), in view of U.S. Patent Application Publication No. US 2002/0083178 
Al to Brothers (hereinafter, "Brothers"), and of U.S. Patent No. 5,359,659 to 
Rosenthal (hereinafter, "Rosenthal"). The Applicant respectfully traverses these 
rejections for the reasons set forth below. 

Turning to independent claim 1, the Applicant reproduces claim 1 here for 
convenience, with emphasis added for ease of discussion; 

"1. (previously presented) A network system, comprising: 
a first device to maintain an original resource; 

a second device to maintain a replica resource remotely from the first device, the repHca 
resource being replicated from the original resource; 

memory to store a cached descriptor corresponding to the original resource; 

a security component to determine whether the replica resource will pose a security risk 
to the second device upon receipt of a request for the replica resource, wherein the request 
designates a resource locator, the security component: 
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. being configured to determine whether the request will pose a security risk to the 
second device; 

formulating a descriptor corresponding to the replica resource and comparing the 
formulated descriptor with the cached descriptor; and 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to the original resource and comparing the 
formulated descriptor with the second descriptor ." 

Attention is directed to the portions underlined in claim 1 as reproduced 
above. On page 8, the Office cited Farber, column 31, lines 31-33 against the 
underlined portions of claim 1 above. For convenience, the Applicant reproduces 
the relevant portion of the Action here: 
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Application/Control Number: 09/751 ,01 6 Page 8 

Art Unit: 2131 

can be verified and have their integrity check to ensure that they match the stored True 
Names and any change in a True Name potentially signals corruption in the system and 
can be further investigated (Farber: inter alia, Column 34 Line 45 - 55). (e) Farber 
further discloses if an error is found (i.e. the file is corrupted), the system "has the ability 
to heal itself by finding another source for the True File with the given name (Farber 
inter alia, Column 31 Line 31 - 33: This must require formulating a second descriptor 
(i.e. second True Name // Descriptor) corresponding to the original resource (i.e. 
another source that holds the original true file) so that the validation of original 
uncorrupted file can be conducted). Therefore, Farber indeed teaches formulating a 
descriptor corresponding to the replica resource and comparing the fonnulated 
descriptor with the cached descriptor (i.e. True Name of Farber's) and then if the 
formulated desaiptor and the cached descriptor are not equivalent, formulating a 
second descriptor corresponding to the original resource and comparing the formulated 
descriptor with the second descriptor" (i.e. (d) & (e) as addressed above). 
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For further convenience, column 31, lines 31-33 of Farber, as cited in the Action, 
are reproduced here, with surrounding text: 

7. Verify True File 

This mechanism is used to verify that the data item in a 
True File registry 126 is indeed the correct data item given 
its True Name. Its purpose is to guard against device errors, 
malicious changes, or other problems. 

If an error is found, the system has the ability to "heal" 
itself by finding another source for the True File with the 
given name. It may also be desirable to verify that the error 
has not propagated to other systems, and to log the problem 
or indicate it to the computer operator. These details are not 
described here. 

To verify a data item that is not in a True File registry 126, 
use the Calculate True Name primitive mechanism described 
above. 

The basic mechanism begins with a True Name, and 
operates in the following steps: 

(A) Find the True File registry entry record 140 corre- 
sponding to the given True Name. 

(B) If there is a True File ID for the True File registry 
entry record 140 then use it. Otherwise, indicate that no 
file exists to verify. 

(C) Calculate the True Name of the data item given the file 
ID of the data item. 

(D) Confirm that the calculated True Name is equal to the so 
given True Name. 

(E) If the True Names are not equal, there is an error in 
the True File registry 126. Remove the True File ID 
from the True File registry entry record 140 and place 

it somewhere else. Indicate that the True File registry 55 
entry record 140 contained an error. 
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While column 31, lines 31-33 of Farber may refer to a "healing" capability, 
the Applicant submits that Farber provides scant detail on how this "healing" is 
performed, aside from "finding another source for the True File with the given 
name". Farber is silent as to what this "healing" particularly entails. In light of 
the limited description provided by Farber, the Applicant respectfully disagrees 
with the assertion in the Action that Farber' s "healing" capability " must require 
formulating a second descriptor ... corresponding to the original resource" 
(emphasis added). Tellingly, the sentence from Farber mentioning the "healing" 
capability does not reference the "True Name" identifier used throughout Farber' s 
description. Instead, this sentence uses the term "given name", and the antecedent 
for this reference is not entirely clear. Nevertheless, had Farber intended to refer 
to the True Name identifier in the context of "healing" its system, Farber should 
have done so clearly. 

The Applicant also notes that Farber describes a "basic mechanism" used in 
a situation in which a calculated True Name of a data item does not match a given 
True Name (Farber, column 31, lines 38-56). In this situation, Farber teaches 
removing an entry from the True File registry entry record 140 and placing it 
somewhere else (Farber, column 31, lines 53-55). The fact that Farber provides 
this level of detail in column 31, lines 40-56 in describing an error handling 
scenario, as compared to the scant treatment given the "healing" teaching in lines 
31-33 in that same column, further weakens the Office's interpretation of lines 31- 
33, and the conclusions drawn therefrom by the Office. Furthermore, Farber's 
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handling of a scenario in which identifiers associated with two data items do not 
match, as described in column 31, lines 40-55 of Farber, neither teaches nor 
suggests the features recited in the last paragraph of the Applicant's claim 1. 

Summarizing the foregoing comments, the Applicant submits that Farber 
fails to teach or suggest at least the features recited in the last paragraph of claim 1 
for at least two reasons. First, column 31, lines 31-33 of Farber, as cited in the 
Action, provides insufficient detail to support an interpretation covering the 
features recited in the Applicant's claim 1. Any motivation or suggestion to read 
Farber's limited teaching in lines 31-33 so broadly as to support a rejection of the 
comes only from the Applicant's teachings, and amounts to impermissible 
hindsight reconstruction or interpretation of the prior art based only on the 
Applicant's disclosure and claims. Second, other portions of Farber that provide 
additional detail on Farber's processing, such as column 31, lines 40-56, fail to 
teach or suggest the features recited in at least the final paragraph of the 
Applicant's claim 1. 

For at least the foregoing reasons, the Applicant submits that Farber fails to 
support a § 103 rejection of claim 1 because it does not teach or suggest at least 
the features recited in the final paragraph of claim 1. The secondary references. 
Brothers and Rosenthal, are cited against portions of claim 1 other than the final 
paragraph of claim 1, and are thus not discussed in detail here. The Applicant thus 
requests reconsideration and withdrawal of the § 103 rejections of claim 1. 
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These same comments apply equally to pending claims 2-7 and 10-13, 
which depend from claim 1. Claims 2-7 and 12 stand rejected on the same 
grounds as does claim 1, while claims 10-11 and 13 stand rejected on different 
grounds under § 103, and are addressed in more detail below. In any event, the 
Applicant requests reconsideration and withdrawal of the § 103 rejections of 
dependent claims 2-7 and 10-13. 

Turning to independent claim 14, the Applicant has revised claim 14 to 
clarify further features of the network server. For convenience, the Applicant 
reproduces claim 14, with the above revisions shown in redline: 

14. (currently amended) A network server, comprising: 

a server component to receive a request for a resource maintained on the network server 
and, in response to the request, implement security policies to prevent unauthorized access to the 
resource; 

a memory to store a cached descriptor con^esponding to the resource; and 
a security component that is registerable with the server component during run-time to 
determine whether the request will pose a security risk to the network server, the request posing 
the security risk if the resource has been corrupted and if execution of the resource will 
compromise the network server , the security component being configured to: 

formulate a replica descriptor corresponding to a replica of the resource and 
compare the replica descriptor with the cached descriptor: and 
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if the replica descriptor and the cached descriptor are not equivalent, formulate a 
second descriptor correspondinir to the resource and compare the replica descriptor with 
the second descriptor . 

The Applicant notes that the features now recited in claim 14 are similar to 
features previously recited in claim 1, and submits that the revisions to claim 14 
are fully supported under § 112, 1^^ paragraph, on at least that basis. Also, because 
the revisions to claim 14 are similar to features previously recited in claim 1, the 
Applicant submits that the above comments directed to Farber apply equally to 
claim 14. On at least this basis, the Applicant requests reconsideration and 
v^ithdrav^al of the § 103 rejection of claim 14. 

These same comments apply equally to pending claims 15-19, vv^hich 
depend from claim 14. Claims 15 and 18 stand rejected on the same grounds as 
does claim 14, while claims 16-17 and 19 stand rejected on different grounds 
under § 103, and are addressed in more detail below. In any event, the Applicant 
requests reconsideration and withdrawal of the § 103 rejections of dependent 
claims 15-19. 

Turning to independent claim 20, the Applicant has revised claim 20 to 
clarify further features of the network server system. The revisions to claim 20 are 
similar to the revisions made to claim 1 , and are believed fully supported under § 
112, paragraph, on at least that basis. Additionally, because the revisions to 
claim 20 are similar to features previously recited in claim 1, the Applicant 
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submits that the above comments directed to Farber apply equally to claim 20. On 
at least this basis, the Applicant requests reconsideration and withdrawal of the § 
103 rejection of claim 20. 

These same comments apply equally to pending claims 21-24, which 
depend from claim 20 and stand rejected on the same grounds as does claim 20. 
On at least this basis, the Applicant requests reconsideration and withdrawal of the 
§ 103 rejections of dependent claims 21-24. 

Tuming to independent claim 25, the Applicant reproduces claim 25 here 
for convenience, with emphasis added to ease discussion: 

"25. (previously presented) A network server, comprising: 

an Internet server to receive a request for a resource maintained on the network server 
and, in response to the request, implement security policies to prevent unauthorized access to the 
resource; 

a security component that is registerable with the Internet server during run-time, the 
security component having: 

a vahdation component to determine whether the request will pose a security risk 
to the network server by determining if a total number of characters defining all of the 
arguments of the request exceeds a maximum number of characters', and 

an integrity verification component to determine whether the resource will pose a 
security risk to the network server upon receipt of the request." 
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Recall that claim 25 stands rejected under § 103 as being unpatentable over 
Farber in view of Brothers and Rosenthal. Farber clearly does not teach or suggest 
a security component that is configured to determine whether a request will pose a 
security risk, as noted in the Action at the bottom of page 5 in stating the rejection 
of claim 1. Therefore, the Action cited Rosenthal for this teaching in rejecting 
claim 1, as indicated at the top of page 6 of the Action. However, claim 1 does not 
include the feature from claim 25 emphasized above. The Applicant also submits 
that Rosenthal does not provide the teaching missing from Farber that is necessary 
to support a § 103 rejection of claim 25. More particularly, while Rosenthal 
pertains to a method for securing software against corruption by computer viruses, 
the cited portions of Rosenthal does not appear to teach or suggest determining 
"whether the request will pose a security risk to the network server by determining 
if a total number of characters defining all of the arguments of the request exceeds 
a maximum number of characters", as recited in claim 25. The cited portions of 
Rosenthal appear to discuss detection of viruses and corruption, but do not 
recognize or address the issue of checking the number of characters in arguments 
of a request as a security precaution. 

On at least this basis, the Applicant submits that Farber and Rosenthal, even 
assuming only for the sake of these comments that they are properly combined 
under § 103, fail in combination to teach or suggest at least the above features 
emphasized above in claim 25. Therefore, Farber and Rosenthal fail to support a 
§ 103 rejection of claim 25, and the Applicant requests reconsideration and 
withdrawal of the § 103 rejection of claim 25 on at least this basis. 
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Pending claims 26-32 depend from claim 25, so the above comments apply 
equally to these dependent claims as well. Claims 28 and 30-32 stand rejected on 
the same grounds as does claim 25, while claims 26-27 and 29 stand rejected on 
other grounds discussed in more detail below. In any event, the Applicant 
requests reconsideration and withdrawal of the § 103 rejections of dependent 
claims 26-32. 

Turning to independent claim 37, the Applicant reproduces claim 37 here 
for convenience, with emphasis added to ease discussion: 

"37. (previously presented) One or more computer readable media containing a 
security application, comprising: 

a validation component to determine whether a request for a resource poses a security 
risk by determining if a total number of characters defining all of the arguments of the request 
exceeds a maximum number of characters', and 

an integrity verification component to determine whether the resource poses a security 

risk." 

The feature emphasized above in claim 37 is similar to the feature 
discussed in detail above in connection with the rejection of independent claim 25, 
and the comments above directed to the rejection of claim 25 apply equally here. 
In the interest of conciseness, these comments are not repeated for claim 37. 
However, based on similar considerations, the Applicant submits that Farber and 
Rosenthal, even assuming only for the sake of these comments that they are 
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properly combined under § 103, fail in combination to teach or suggest at least the 
above features emphasized above in claim 37, Therefore, Farber and Rosenthal 
fail to support a § 103 rejection of claim 37, and the Applicant requests 
reconsideration and withdrawal of the § 103 rejection of claim 37 on at least this 
basis. 

These same comments apply equally to pending claims 38-44, which 
depend from claim 37. Claims 40 and 42-44 stand rejected on the same grounds 
as does claim 37, while claims 38-39 and 41 stand rejected on different grounds 
under § 103, and are addressed in more detail below. In any event, the Applicant 
requests reconsideration and withdrawal of the § 103 rejections of dependent 
claims 38-44. 

Turning to independent claim 45, the Applicant reproduces claim 45 here 
for convenience, with emphasis added to ease discussion: 

"45. (previously presented) A method, comprising: 

receiving a request for a replica resource stored on a computing device, the request 
designating a resource locator having a resource path identifying a location of the rephca 
resource; 

formulating a descriptor corresponding to the replica resource; 

comparing the formulated descriptor with a cached descriptor corresponding to an 
original resource stored on a second computing device remotely located from the computing 
device, the replica resource being replicated from the original resource; 



lee@hayes 



41 



786319.DOC 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 



determining that the replica resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent; 

if the formulated descriptor and the cached descriptor are not equivalent, formulating a 
second descriptor corresponding to the original resource; 

comparing the formulated descriptor with the second descriptor, and 

determining that the replica resource does not pose a security risk if the formulated 
descriptor and the second descriptor are equivalent." 

The feature emphasized above in claim 45 is similar to the feature 
discussed in detail above in connection with the rejection of independent claim 1, 
and the comments above directed to the rejection of claim 1 apply equally here. In 
the interest of conciseness, these comments are not repeated for claim 45. 
Hov^ever, based on similar considerations, the Applicant submits that Farber and 
Brothers, even assuming only for the sake of these comments that they are 
properly combined under § 103, fail in combination to teach or suggest at least the 
above features emphasized above in claim 45. Therefore, Farber and Rosenthal 
fail to support a § 103 rejection of claim 45, and the Applicant requests 
reconsideration and withdrawal of the § 103 rejection of claim 45 on at least this 
basis. 

These same comments apply equally to pending claims 46-60, all of which 
depend ultimately from claim 45. Claims 46-54, 57, and 59-60 stand rejected on 
the same grounds as does claim 45, while claims 55-56 and 58 stand rejected on 
different grounds under § 103, and are addressed in more detail below. In any 
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event, the Applicant requests reconsideration and withdrawal of the § 103 
rejections of dependent claims 46-60. 

Turning to independent claim 61, the Applicant reproduces claim 61 here 
for convenience, with emphasis added to ease discussion: 

"61. (previously presented) A method, comprising: 
receiving a request for a resource; 

implementing security policies to prevent unauthorized access to the resource; 

determining whether the request will pose a security risk by determining if a total number 
of characters defining all of the arguments of the request exceeds a maximum number of 
characters; and 

determining whether the resource will pose a security risk if allowing the request." 

The feature emphasized above in claim 61 is similar to the feature 
discussed in detail above in connection with the rejection of independent claim 25, 
and the comments above directed to the rejection of claim 25 apply equally here. 
In the interest of conciseness, these comments are not repeated for claim 61. 
However, based on similar considerations, the Applicant submits that Farber and 
Rosenthal, even assuming only for the sake of these comments that they are 
properly combined under § 103, fail in combination to teach or suggest at least the 
above features emphasized above in claim 61. Therefore, Farber and Rosenthal 
fail to support a § 103 rejection of claim 61, and the Applicant requests 
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reconsideration and withdrawal of the § 103 rejection of claim 61 on at least this 
basis. 

These same comments apply equally to pending claims 62-70, which 
depend from claim 61. Claims 62 and 65-70 stand rejected on the same grounds 
as does claim 61, while claims 63-64 stand rejected on different grounds under § 
103, and are addressed in more detail below. In any event, the Applicant requests 
reconsideration and withdrawal of the § 103 rejections of dependent claims 62-70. 

As stated in Paragraph 8 on page 23 of the Action, claims 10-11, 13, 16-17, 
19, 26-27, 29, 38-39, 41, 55-56, 58, and 63-64 stand rejected under § 103(a) as 
being unpatentable over Farber, in view of Brothers, in view of Rosenthal, and in 
view of United States Patent Application Publication No. US 2002/0103712 Al to 
Rollins, et al. (hereinafter, "Rollins"). 

Turning to dependent claim 10, this claim depends from claim 1, so all 
comments directed above to claim 1 apply equally to claim 10. In addition to 
these comments, however, the Applicant also comments specifically on the 
rejection of claim 10, as follows. 
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For convenience, the Applicant reproduces claim 10 here, with emphasis 
added to ease discussion: 

"10. (previously presented) A network system as recited in claim 1, wherein the 
request further designates the resource locator having a resource path, the resource path 
identifying a location of the replica resource, and wherein the security component determines that 
the request is not a security risk if the resource path does not exceed a maximum number of 
characters'' 

As noted above at the beginning of these Remarks, the Applicant has not 
received a copy of the Brothers provisional application v^ith either the Action or 
the Advisory Action. Therefore, the Applicant proceeds v^ith these comments 
based on what is contained in the Action, and reserves further comment on 
Brothers until the provisional is received. 

Turning to the Action, the Applicant agrees with the assessment on page 24 
of the Action that Brothers does not disclose expressly that the security component 
determines that the request is not a security risk if the resource path does not 
exceed a maximum number of characters. Therefore, the Action cited Paragraph 
[0087] of Rollins for this teaching. 

Turning to Rollins in more detail, Rollins pertains to a method for securing 
software against corruption by software viruses. Paragraph [0087] of Rollins 
introduces a discussion of Address Identifiers. Paragraph [0088] of Rollins 
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indicates that the maximum length for a URL is typically two hundred fifty six 
(256) characters, and also indicates that if the length of a given URL exceeds a 
specified threshold, then lOM 308 uses an address identifier to reduce the overall 
size of a modified URL. However, this teaching from Rollins fails to provide 
what is missing from Brothers to support a § 103 rejection of claim 10. 

Rollins teaches reducing the length of URLs under some circumstances, but 
fails to teach or suggest any particular reasons for doing so. Rollins also fails to 
teach or suggest any problems that are overcome by reducing the length of URLs. 
More specifically, Rollins fails to teach or suggest that a given request "is not a 
security risk if the resource path does not exceed a maximum number of 
character", as recited in claim 10. Like Brothers, Rollins does not appear to 
recognize the security risks associated with resource paths having excessive 
length, which is the issue dealt with in claim 10. Even if Brothers and Rollins 
were combined, the resulting system would appear to simply truncate URLs that 
were over 256 characters in length, but the resulting system would still not assess 
the security risks associated with such URL lengths. Any motivation to do so 
comes only from the Applicant's teaching and claims, and not from the cited art. 

Based on at least the foregoing, the Applicant submits that Farber, Brothers, 
Rosenthal, and Rollins, even assuming only for the sake of these comments that 
these references are properly combined under § 103, fail in combination to teach 
or suggest at least the above features emphasized above in claim 10. Therefore, 
Brothers and Rollins, in particular, fail to support a § 103 rejection of claim 10, 
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and the Applicant requests reconsideration and withdrawal of the § 103 rejection 
of claim 10 on at least this basis. 

Turning to claims 11, 13, 16-17, 19, 26-27, 29, 38-39, 41, 55-56, 58, and 
63-64, each of these claims are dependent claims, so all comments directed above 
to their corresponding independent claims apply equally to these dependent 
claims. To the extent that the rejections of these dependent claims are based on 
Brothers, the Applicant reserves further substantive comment until a copy of the 
Brothers provisional is received. 

Conclusion 

The Applicant respectfully requests reconsideration and withdrawal of the 
rejections of pending claims 1-7, 10-32, and 37-70. If any issues remain that 
preclude issuance of this application, the Examiner is urged to contact the 
undersigned attorney before issuing a subsequent Action. 



Respectfully Submitted, 





Rocco L, Adomato 
Reg. No. 40,480 
(509) 324-9256 x 257 



lee@hayes 



7863i9.DOC 



